Corporate Policy

Updated: August 2024

2355581 Ontario Inc. dba OceanMD (“OceanMD”) is proud to offer you the OceanMD website (the “Website”). We are committed to protecting your personal information and complying with applicable data protection and privacy laws.  This “Privacy Policy” tells you how we do so.

We will update this Privacy Policy as necessary. Please check it regularly.

Healthcare practitioners who use OceanMD’s products have their own privacy policies pertaining to the collection, use and disclosure of personal information, including personal health information. We encourage you to review their privacy policies to understand how your personal information is protected.

1. What information do we collect?

Website Access
Unless you opt-out, our website uses “Cookies” and other automatic data collection technologies with your consent to collect personal information whenever you visit or interact with the Website, including unique identifiers and preference information such as IP address, technical usage, browser type, time zone settings, language preferences, operating system, unique device identifiers, search history, page response times and length of visit, pages viewed, marketing preferences or navigation and clickstream behaviour for online interactions. These Cookies helps us understand how you use the Website and the content of the Website in order to make improvements. We also may use these Cookies to promote our services through marketing and advertising. These Cookies may be accessed or disclosed to third-parties for the purpose of serving you relevant advertisements. You can opt-out of Cookies or prevent third-party websites from accessing our Cookies through the privacy settings on your browser. However, opting-out of our Cookies may disable some of the Website’s features, and may prevent us from providing you with the information and services you have requested.

Contact Us

When you submit a form on the Website, or contact us directly by calling us, or e-mailing us, we may collect information like your name, e-mail, phone number, clinic/organization, the province in which you are located, and any other information you may voluntarily provide us. This information will be used by OceanMD to communicate with you to provide you with the information you requested.

Ocean Platform

OceanMD is the creator and operator of the “Ocean” platform, which includes a full suite of virtual patient engagement tools for healthcare practitioners, including online appointment booking, secure messaging, appointment reminders, and digital forms as well as in-clinic check-in kiosks and tablets that enables the collection of personal health information by healthcare practitioners and provides the ability to store and retrieve all appointment, lab and consult information.

As a healthcare practitioner using Ocean, information like your name, clinic, contact details, and billing details will be collected by OceanMD to administer your account (“Account”). As a patient of a healthcare practitioner that is using Ocean, all personal health information in relation to your appointment or referral is collected and securely stored through industry-standard 256-bit AES encryption, the same technology used for online banking. OceanMD does not collect or use personal health information on Ocean and will only ever access personal health information information if OceanMD is requested to provide technical assistance by the healthcare practitioner. If technical assistance is provided, no personal health information is collected or saved by OceanMD.

Direct Marketing

If you sign up to receive direct marketing or promotional communications from OceanMD, we will collect your name and e-mail to inform you about the requested products and services.

2. Why do we use personal information?

We use your personal information to:

  • manage our relationship with you and provide you with the information or services you request, conduct research and evaluate research and development on the Website including analyzing testing data to improve our services,
  • communicate with you regarding inquiries for information or customer service request or employment opportunities,
  • detect, prevent or investigate security breaches,
  • process credit card or other payment information as agreed to on the Website,
  • validate requests and confirm identities;
  • protect our business, and
  • maintain appropriate records for internal administrative purposes.

OceanMD reserves the right to aggregate and anonymize Account information (or other information) and use such aggregated information as it sees fit. OceanMD does not use any patient personal health information for any reason and will never access any personal health information stored within Ocean, unless required to provide technical assistance to health care practitioners.


3. Who do we share the personal information with?

OceanMD only shares your personal information with service providers in order to operate the Website and offer you the information or services you request. This includes sharing your personal information for:

  • fraud prevention,
  • payment processing,
  • providing requested services or information,
  • operating the Website, and
  • customer service.

We only use service providers that ensure a comparable level of protection for your personal information, as provided in this Privacy Policy. Our contracts with our service providers ensure they comply with that obligation and use your personal information for the services requested. Exceptionally, as allowed or required by law, we may have to disclose your personal information to law enforcement agencies where they demonstrate they have the legal authority to request it. Ocean enables healthcare practitioners to securely refer patients to other healthcare practitioners using the Ocean platform. As such, at your healthcare practitioner’s discretion, your personal information may be shared with other healthcare practitioners and clinics. We encourage you to review your healthcare practitioner’s privacy policy on how your personal information may be used and shared. OceanMD will never disclose your personal health information.

4. How long do we keep personal information?

We retain personal information, such as healthcare practitioner account information, for as long as required to provide the services for which it was collected, otherwise, in accordance with applicable legal and regulatory requirements. Healthcare practitioners using Ocean are required to comply with different statutory and regulatory requirements and store personal health information for a minimum length of time. We encourage you to speak with your healthcare practitioner directly on how long they are required to store your personal information. Ocean is not an electronic medical record. Once personal health information has been successfully downloaded to the patient chart in the clinic’s EMR, it is routinely deleted from the Ocean Platform.

5. How do we keep personal information accurate?

We take reasonable steps to ensure that any personal information in our custody is accurate and up-to-date but we mostly rely on you to notify your healthcare practitioner of any changes to personal information you provided us. Once your healthcare practitioner updates your information, it will be automatically updated in Ocean as well.

6. How do we protect your personal information and respond to breaches?

We use reasonable and appropriate physical, administrative and technical measures designed to help you secure your personal information against accidental or unlawful loss, access or disclosure. Only staff and service providers who have a legitimate business purpose for accessing the personal information collected by us are authorized to do so. Access to sensitive data is automatically logged and restricted to senior operations personnel. Unauthorized use of personal information by anyone affiliated with OceanMD is prohibited and constitutes grounds for disciplinary action. On Ocean, all personal health information in relation to patient appointments or referrals is collected and securely stored through industry-standard 256-bit AES encryption, the same technology used for online banking. Ocean’s client-side encryption ensures that all personal health information is inaccessible to third parties outside of the participating clinics, including OceanMD’s own employees. All data is encrypted at rest and secured in transit using industry-grade encryption measures. Further, Ocean uses a cloud-based architecture deployed in Canadian AWS data centres. AWS is an SOC 2-certified cloud service provider.

Even though we take all necessary steps to protect your personal information, security breaches cannot be eliminated and we cannot guarantee a breach will never occur. If a breach is ever suspected or confirmed (an “Incident”), such Incident is immediately reported to OceanMD’s president and privacy officer and investigated. During their investigation of the Incident, any personal information at risk may be secured or deleted, and all audit logs are secured to assist with follow-up investigation. If an Incident is confirmed as a breach, OceanMD will follow all statutory and regulatory requirements, including all guidance from the relevant privacy commissioners of the jurisdiction in which the breach occurred. Depending on the breach, such response may involve notifying the relevant healthcare practitioner whose patient data was contained within the breach, notifying the individual directly of such breach, and/or reporting the breach to the relevant privacy body or commission.

Healthcare providers utilize OceanMD as part of their practice which are outside of OceanMD’s network. OceanMD does not review or otherwise monitor any third-party systems for reliability, data security, or privacy practice. Please reach out to your healthcare provider directly to discuss their privacy and security practices.

7. Do we have a disaster recovery plan?

Yes. OceanMD maintains an independent disaster recovery data centre and server infrastructure, with the ability to initiate an immediate switch-over of all operations to this server in emergency situations. All solutions are deployed with redundancies, auditing, and regular secure backups, so even if a disaster were to occur, OceanMD would be able to maintain operations and ensure all personal information is secure and safe.

8. Where do we store personal information?

All personal information collected by healthcare practitioners on Ocean is securely stored on servers in Canada (one in Montreal and one in Toronto). These servers are used to securely store all information collected on Ocean, and are used to store all personal information collected through OceanMD’s website; however, personal information processed by our third-party service providers may be done outside Canada. While outside of Canada, personal information is subject to that jurisdiction’s laws, which may permit governmental authorities the right to access your personal information. For more information on our service providers or where we store personal information, contact us at [email protected].

9. Links to third-party sites

Our Website may lead you to third-party websites, including websites advertising other products or services. Further, your healthcare practitioner may have their own website and privacy policies. These organizations are separate and distinct from OceanMD. We are not responsible in any way for how any third-party collects, uses or discloses your personal information, so it is important to familiarize yourself with the privacy policies of these websites before providing your personal information to them.

10. Direct marketing

You may sign up to receive marketing or promotional communications from OceanMD. Where you have expressly consented, we may use your personal information to inform you about us and our products and our services, including promotional offers and events. If you no longer wish to receive marketing or promotional communications from us, you can opt-out at any time by:

  • using the unsubscribe feature found in our emails and other electronic communications, or
  • contacting us via email at [email protected].

We delete your e-mail shortly after receiving your request to unsubscribe.

11. Your rights

You also have the right to:

  • make a written request to access your personal information,
  • request us to restrict our use or disclosure of your personal information,
  • object to our use or disclosure of your personal information,
  • request that we edit, but not remove, certain information (like an e-mail address),
  • request that we transfer to another organization the personal information you have provided us, and
  • request us to delete the personal information we hold about you.

Contact us at [email protected] to exercise any of these rights. We will respond within 30 days. If we cannot grant your request, for example, we do not have the right to make corrections to the information contained within a healthcare practitioner’s account about you, we will give you reasons and try to connect you with the individual capable of assisting your request. If you would like to access your personal health information on Ocean, please contact your healthcare practitioner as we do not have the ability to access it. We will address all requests with equal attention.

 

 

12. Contacting us

Accountability with respect to your personal information is important to OceanMD. In the event that you have any questions (including how personal information is managed by OceanMD), complaints or concerns about this Privacy Policy, or if you have reason to believe that we may have failed to adhere to it, please contact us by sending an email. Questions regarding your rights and responsibilities under this Privacy Policy can be directed to our privacy officer at [email protected]. If after contacting us you are still not satisfied, you have the right to file a complaint with your local privacy authority.

Solutions

For Healthcare Providers

Proven digital tools and workflows purpose-built for clinicians, by clinicians

For Clinic Administration

Simplify the end-to-end experience and help ease the burden for staff and patients

For Healthcare Systems

Bring digital innovations to life for large organizations and diverse populations

The Ocean Platform

Patient Engagement Suite

Connect your community with easy-to-use tools

Ocean Provider Network

Co-ordinate care among clinicians and systems

Online Booking

Patient Messages

Patient Reminders

Kiosks & Tablets

Self-Serve Forms

Ocean Studies

eReferrals

eConsults

eOrdering

eSubmissions

Healthmap

Ecosystem

EMR Integrations

Connect with confidence. Discover deep integrations with the leading electronic medical records in Canada

Resources

Information for Patients

Ocean Forms Library

Getting Started

Support

If you are an Ocean user, please visit our comprehensive Support Portal for detailed articles, video walkthroughs and technical guides:

Company

About Us

10+ years of innovation in healthcare technology

Contact Us

Find the best way to connect with an OceanMD team member

Privacy & Security

People